Two exchange servers, one domain, no FE, OWA and SSL

We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is
set as the secondary. Outlook email is working fine for both servers. For all
users that have their mailbox setup on serverA, they are able to access their
email just fine from owa both internally and externally. For users that have
their mailbox residing on serverB, they are not able to access owa from
anywhere. When serverB users go to https://serverA/exchange, they get page
cannot be displayed. However, when they are internal and they access
http://serverB/exchange (not https), then owa comes up just fine, but I want
them to use ssl. I compared the two and noticed that there is no ssl cert
configured for serverB and there is one for serverA. I dont have any extra
hardware to implement an FE.

Here are my thoughts for allowing serverB users to access OWA:

1. I assume I will need to create a new MX for serverB, point it to the
gateway of the subnet where serverB resides and then create a NAT rule to
redirect it to the internal IP of serverB?

2. Create an SSL cert for serverB and give the users with mailboxes on
serverB the correct OWA address?

Ive never worked with multiple exchange servers in a single domain so please
pardon my ignorance. Thank you.


Thanks!

On Tue, 3 Nov 2009 10:00:01 -0800, gjl_support
wrote:

>We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is
>set as the secondary. Outlook email is working fine for both servers. For all
>users that have their mailbox setup on serverA, they are able to access their
>email just fine from owa both internally and externally. For users that have
>their mailbox residing on serverB, they are not able to access owa from
>anywhere. When serverB users go to https://serverA/exchange, they get page
>cannot be displayed. However, when they are internal and they access
>http://serverB/exchange (not https), then owa comes up just fine, but I want
>them to use ssl. I compared the two and noticed that there is no ssl cert
>configured for serverB and there is one for serverA. I dont have any extra
>hardware to implement an FE.
>
>Here are my thoughts for allowing serverB users to access OWA:
>
>1. I assume I will need to create a new MX for serverB, point it to the
>gateway of the subnet where serverB resides and then create a NAT rule to
>redirect it to the internal IP of serverB?
>
>2. Create an SSL cert for serverB and give the users with mailboxes on
>serverB the correct OWA address?
>
>Ive never worked with multiple exchange servers in a single domain so please
>pardon my ignorance. Thank you.
>
>
>Thanks!

What's this master and secondary thng? There's no such thing in
Exchange 2003 (or 2007 for that matter)

On Tue, 3 Nov 2009 10:00:01 -0800, gjl_support
wrote:

>We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is
>set as the secondary. Outlook email is working fine for both servers. For all
>users that have their mailbox setup on serverA, they are able to access their
>email just fine from owa both internally and externally. For users that have
>their mailbox residing on serverB, they are not able to access owa from
>anywhere. When serverB users go to https://serverA/exchange, they get page
>cannot be displayed. However, when they are internal and they access
>http://serverB/exchange (not https), then owa comes up just fine, but I want
>them to use ssl. I compared the two and noticed that there is no ssl cert
>configured for serverB and there is one for serverA. I dont have any extra
>hardware to implement an FE.
>
>Here are my thoughts for allowing serverB users to access OWA:
>
>1. I assume I will need to create a new MX for serverB, point it to the
>gateway of the subnet where serverB resides and then create a NAT rule to
>redirect it to the internal IP of serverB?

No. No MX record. Deliver all mail to the current MX record and it
will sort it out from there. Create an MX if you want but it will be
additional work for you.

You do need an A record for the other server though.
>
>2. Create an SSL cert for serverB and give the users with mailboxes on
>serverB the correct OWA address?

Yup. A new certificate.

>Ive never worked with multiple exchange servers in a single domain so please
>pardon my ignorance. Thank you.
>
>
>Thanks!

To chime in,

Don't worry about adding an extra MX record, unless you see value in doing
so incase Server A goes down.

If you cannot implement an Exchange 2003 FE, which would proxy all OWA
requests (as well as pop/imap/activesync) to both backends. You will have to
have two OWA urls.

One for ServerA
One for ServerB.

The Certificate will be unique to each.

Oliver

Sorry, it is Master and Member. Server A is the Master, Server B is a Member.

"Mark Arnold [MVP]" wrote:

> On Tue, 3 Nov 2009 10:00:01 -0800, gjl_support
> wrote:
>
> >We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is
> >set as the secondary. Outlook email is working fine for both servers. For all
> >users that have their mailbox setup on serverA, they are able to access their
> >email just fine from owa both internally and externally. For users that have
> >their mailbox residing on serverB, they are not able to access owa from
> >anywhere. When serverB users go to https://serverA/exchange, they get page
> >cannot be displayed. However, when they are internal and they access
> >http://serverB/exchange (not https), then owa comes up just fine, but I want
> >them to use ssl. I compared the two and noticed that there is no ssl cert
> >configured for serverB and there is one for serverA. I dont have any extra
> >hardware to implement an FE.
> >
> >Here are my thoughts for allowing serverB users to access OWA:
> >
> >1. I assume I will need to create a new MX for serverB, point it to the
> >gateway of the subnet where serverB resides and then create a NAT rule to
> >redirect it to the internal IP of serverB?
> >
> >2. Create an SSL cert for serverB and give the users with mailboxes on
> >serverB the correct OWA address?
> >
> >Ive never worked with multiple exchange servers in a single domain so please
> >pardon my ignorance. Thank you.
> >
> >
> >Thanks!
>
> What's this master and secondary thng? There's no such thing in
> Exchange 2003 (or 2007 for that matter)
> .
>

So I create a new OWA URL, and then what? Is there a good site that has
instructions on how to create a second owa url or is it just like creating
the first one? And how do I associate that second owa url to server B? Is
it through the ssl cert that I will create for it?

Sorry, Im more of a network guy, havent done much designing with Exchange yet.

"Oliver Moazzezi [MVP]" wrote:

> To chime in,
>
> Don't worry about adding an extra MX record, unless you see value in doing
> so incase Server A goes down.
>
> If you cannot implement an Exchange 2003 FE, which would proxy all OWA
> requests (as well as pop/imap/activesync) to both backends. You will have to
> have two OWA urls.
>
> One for ServerA
> One for ServerB.
>
> The Certificate will be unique to each.
>
> Oliver
>
>
> .
>

On Thu, 12 Nov 2009 10:08:11 -0800, gjl_support
wrote:

>Sorry, it is Master and Member. Server A is the Master, Server B is a Member.
>
You create the Exchange the same as you would have done the first. You
create a certificate the same way, all that's going to happen is that
it will have a different name.
Nothing changes.